[ubuntu/groovy-security] ceph 15.2.12-0ubuntu0.20.10.1 (Accepted)

Steve Beattie sbeattie at ubuntu.com
Thu Jun 24 23:45:51 UTC 2021


ceph (15.2.12-0ubuntu0.20.10.1) groovy-security; urgency=medium

  * SECURITY UPDATE: New upstream release (LP: #1929179):
    - CVE-2021-3509: Dashboard XSS via token cookie.
    - CVE-2021-3531: Swift API denial of service.
    - CVE-2021-3531: HTTP header injects via CORS in RGW.

ceph (15.2.11-0ubuntu0.20.10.2) groovy; urgency=medium

  * d/p/bug1914584.patch: Drop as this patch does not fix the
    actual issue.

ceph (15.2.11-0ubuntu0.20.10.1) groovy; urgency=high

  [ James Page ]
  * d/p/bug1917414.patch: Cherry pick fix to isa-l to remove use of text
    relocation calls which cause ceph-osd and ceph-mon daemons to fail
    to start (LP: #1917414).

  [ Chris MacNaughton ]
  * d/p/bug1914584.patch: Improve rgw diagnostic when reusing email
    (LP: #1914584).

  [ James Page ]
  * SECURITY UPDATE: New upstream stable point release (LP: #1921349).
    - CVE-2021-20288
    - d/p/bug1911900-fix-scrub-blocking-balancer.patch:
      Drop, included in release.
    - d/p/32bit-fixes.patch: Update for mismatched size_t/uint64_t on
      armhf causing compilation failure.

ceph (15.2.8-0ubuntu0.20.10.1) groovy; urgency=medium

  [ Chris MacNaughton ]
  * New upstream point release (LP: #1912355):
    - d/cephadm.install, d/librgw-dev.install, d/librgw2.install: Upstream
      point release removes files that were being installed.
    - d/rules: Remove installation of /etc/sudoers.d/cephadm as it is
      removed upstream.
  * d/p/disable-log-slow-requests.patch: Remove logging every slow request
    details to monitors LP: #1909162).

  [ Ponnuvel Palaniyappan ]
  * d/p/bug1911900-fix-scrub-blocking-balancer.patch:
    Prevent scrub from stopping balancer (LP: #1911900)

Date: 2021-06-21 13:17:09.831984+00:00
Changed-By: James Page <james.page at ubuntu.com>
Signed-By: Steve Beattie <sbeattie at ubuntu.com>
https://launchpad.net/ubuntu/+source/ceph/15.2.12-0ubuntu0.20.10.1
-------------- next part --------------
Sorry, changesfile not available.


More information about the Groovy-changes mailing list